The first article in this four part series focused on the emergence of a full lifecycle approach to cybersecurity over the last 15 years, and the elevation of the cyber responsibility in an organization to the C-Suite and beyond. This article will look at how the cybersecurity market has changed from an operational perspective, focusing on the internal changes that have occurred to keep pace with the demand externally. But first, no operational discussion can start without a look at budgets, and how organizations plan for, and procure, cybersecurity services and solutions. And who is responsible for that budget?
From a government perspective, the answer is quite clear. Congress appropriates funding and agency Chief Information Security Officers (CISO) – and other procurement officials – spend it. In fact, agency budget requests include cyber-specific funding and those levels are growing significantly as the overall budget remains stagnant. Take for example the Department of Defense (DOD) U.S. Cyber Command, which more than doubled its 2013 funding to a total of $447 million. The Department of Homeland Security (DHS) cybersecurity operations budget is $792 million, an increase of $35.5 million over the previous year. Although cybersecurity was a priority in the late 90s, including roughly $1 billion of funding in the FY 1998 budget, the current status shows the clear focus and evolution of the government in their dedication to delivering a robust cyber program.